From ce9c7c48e81dcc56720904de4922f5c0ddb46f20 Mon Sep 17 00:00:00 2001 From: Sebastian Eriksson Date: Sun, 19 Jan 2025 20:14:30 +0100 Subject: [PATCH] split internal & external --- .../external-controller.yaml | 0 {policies => external}/external-policy.yaml | 0 {controllers => external}/kustomization.yaml | 4 +- external/proxy/kustomization.yaml | 11 +++++ {config => external/proxy}/nginx.conf | 18 -------- proxy.yaml => external/proxy/proxy.yaml | 6 +-- external/proxy/service.yaml | 14 ++++++ external/service.yaml | 17 +++++++ .../internal-controller.yaml | 0 {policies => internal}/internal-policy.yaml | 0 {policies => internal}/kustomization.yaml | 4 +- internal/proxy/kustomization.yaml | 11 +++++ internal/proxy/nginx.conf | 38 +++++++++++++++ internal/proxy/proxy.yaml | 29 ++++++++++++ internal/proxy/service.yaml | 14 ++++++ internal/service.yaml | 16 +++++++ kustomization.yaml | 11 +---- services.yaml | 46 ------------------- 18 files changed, 161 insertions(+), 78 deletions(-) rename {controllers => external}/external-controller.yaml (100%) rename {policies => external}/external-policy.yaml (100%) rename {controllers => external}/kustomization.yaml (66%) create mode 100644 external/proxy/kustomization.yaml rename {config => external/proxy}/nginx.conf (61%) rename proxy.yaml => external/proxy/proxy.yaml (87%) create mode 100644 external/proxy/service.yaml create mode 100644 external/service.yaml rename {controllers => internal}/internal-controller.yaml (100%) rename {policies => internal}/internal-policy.yaml (100%) rename {policies => internal}/kustomization.yaml (64%) create mode 100644 internal/proxy/kustomization.yaml create mode 100644 internal/proxy/nginx.conf create mode 100644 internal/proxy/proxy.yaml create mode 100644 internal/proxy/service.yaml create mode 100644 internal/service.yaml delete mode 100644 services.yaml 
diff --git a/controllers/external-controller.yaml b/external/external-controller.yaml similarity index 100% rename from controllers/external-controller.yaml rename to external/external-controller.yaml diff --git a/policies/external-policy.yaml b/external/external-policy.yaml similarity index 100% rename from policies/external-policy.yaml rename to external/external-policy.yaml diff --git a/controllers/kustomization.yaml b/external/kustomization.yaml similarity index 66% rename from controllers/kustomization.yaml rename to external/kustomization.yaml index ec227bb..f45ff8b 100644 --- a/controllers/kustomization.yaml +++ b/external/kustomization.yaml @@ -2,5 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - proxy - external-controller.yaml - - internal-controller.yaml + - external-policy.yaml + - service.yaml diff --git a/external/proxy/kustomization.yaml b/external/proxy/kustomization.yaml new file mode 100644 index 0000000..8d0abb2 --- /dev/null +++ b/external/proxy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - proxy.yaml + - service.yaml + +configMapGenerator: + - name: external-proxy-config + files: + - nginx.conf diff --git a/config/nginx.conf b/external/proxy/nginx.conf similarity index 61% rename from config/nginx.conf rename to external/proxy/nginx.conf index b1b46f4..702051d 100644 --- a/config/nginx.conf +++ b/external/proxy/nginx.conf 
@@ -18,29 +18,11 @@ http { upstream external_ingress { server nginx-external.ingress-nginx.svc.cluster.local:80; } - upstream internal_ingress { - server nginx-internal.ingress-nginx.svc.cluster.local:80; - } # Server block for HTTP (port 80) server { listen 80 default_server; server_name _; - - # For infra.mrcynic.site - # (We do a separate server block for clarity. Could be done with if/host checks.) - } - - # dev.mrcynic.site - allow only LAN - server { - listen 80; - server_name ~^(?.+)\.dev\.mrcynic\.site$; - - location / { - proxy_pass http://internal_ingress; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } } server { diff --git a/proxy.yaml b/external/proxy/proxy.yaml similarity index 87% rename from proxy.yaml rename to external/proxy/proxy.yaml index bc3f6ce..4d072e8 100644 --- a/proxy.yaml +++ b/external/proxy/proxy.yaml @@ -1,18 +1,18 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: edge-proxy + name: external-proxy annotations: argocd.argoproj.io/sync-wave: "100" spec: replicas: 1 selector: matchLabels: - app: edge-proxy + app: external-proxy template: metadata: labels: - app: edge-proxy + app: external-proxy spec: containers: - name: nginx diff --git a/external/proxy/service.yaml b/external/proxy/service.yaml new file mode 100644 index 0000000..fe3afc6 --- /dev/null +++ b/external/proxy/service.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: external-proxy-service +spec: + type: LoadBalancer + selector: + app: external-proxy + ports: + - name: http + port: 80 + targetPort: 80 + nodePort: 30080 diff --git a/external/service.yaml b/external/service.yaml new file mode 100644 index 0000000..6dfc162 --- /dev/null +++ b/external/service.yaml 
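Review bot: The catch-all `server { listen 80 default_server; server_name _; }` block is left with an empty body once the comment lines are removed, so a request whose Host matches no other server block falls through to nginx's compiled-in defaults instead of being refused. On the externally exposed proxy I would make the refusal explicit with `return 444;` inside that block (or `return 404;` if a response is preferred). The same empty default server is added in internal/proxy/nginx.conf. The `http` block and the following `server {` continue outside this hunk, so confirm no later block already covers unmatched hosts.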
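Review bot: The ConfigMap reference in this Deployment's `volumes` section appears not to be updated: the hunk renames only `metadata.name` and the two `app` labels, while external/proxy/kustomization.yaml now generates `external-proxy-config` and the root `proxy-config` generator is removed. The `volumes` section lies outside the hunk, so this is inferred from the three changed lines and from internal/proxy/proxy.yaml, which uses `internal-proxy-config` in the same position. If it still reads `name: proxy-config`, the pod will either fail to mount its config or, where an old `proxy-config` object is still present in the cluster, keep serving the pre-split nginx.conf that forwards the `dev` hosts to the internal ingress. Change the reference to `name: external-proxy-config`.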
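Review bot: `nodePort: 30080` is requested in external/proxy/service.yaml and again in internal/proxy/service.yaml, and a node port can be allocated to only one Service in a cluster, so one of the two Services will be rejected at apply time. Which proxy ends up owning the port then depends on apply order, which is a poor property for the internal/external boundary this commit sets up. Give the internal Service its own port, or drop the field there and let the cluster allocate one. If the internal proxy only needs to be reachable inside the cluster, `type: ClusterIP` avoids the node port altogether.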
@@ -0,0 +1,17 @@ + +--- +apiVersion: v1 +kind: Service +metadata: + name: nginx-internal +spec: + type: LoadBalancer + selector: + app.kubernetes.io/name: nginx-internal + ports: + - name: http + port: 80 + targetPort: 80 + - name: https + port: 443 + targetPort: 443 diff --git a/controllers/internal-controller.yaml b/internal/internal-controller.yaml similarity index 100% rename from controllers/internal-controller.yaml rename to internal/internal-controller.yaml diff --git a/policies/internal-policy.yaml b/internal/internal-policy.yaml similarity index 100% rename from policies/internal-policy.yaml rename to internal/internal-policy.yaml diff --git a/policies/kustomization.yaml b/internal/kustomization.yaml similarity index 64% rename from policies/kustomization.yaml rename to internal/kustomization.yaml index 4f51d2d..a72ce25 100644 --- a/policies/kustomization.yaml +++ b/internal/kustomization.yaml @@ -2,5 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - external-policy.yaml + - proxy + - internal-controller.yaml - internal-policy.yaml + - service.yaml diff --git a/internal/proxy/kustomization.yaml b/internal/proxy/kustomization.yaml new file mode 100644 index 0000000..9f3b484 --- /dev/null +++ b/internal/proxy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - proxy.yaml + - service.yaml + +configMapGenerator: + - name: internal-proxy-config + files: + - nginx.conf diff --git a/internal/proxy/nginx.conf b/internal/proxy/nginx.conf new file mode 100644 index 0000000..dafb593 --- /dev/null +++ b/internal/proxy/nginx.conf 
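Review bot: The new external/service.yaml defines the `nginx-internal` Service (selector `app.kubernetes.io/name: nginx-internal`), while internal/service.yaml defines `nginx-external`, so the two files appear swapped relative to their directories. With both directories listed in the root kustomization the rendered output is the same, but anyone building or auditing `external/` on its own would be publishing or reviewing the internal controller's `LoadBalancer`. Swap the file contents so each directory holds its own Service. The file also opens with an empty line before `---`, which can be dropped.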
@@ -0,0 +1,38 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ # Basic config
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+
+ # We define internal upstreams
+ upstream internal_ingress {
+ server nginx-internal.ingress-nginx.svc.cluster.local:80;
+ }
+
+ server {
+ listen 80 default_server;
+ server_name _;
+ }
+
+ # dev.mrcynic.site - allow only LAN
+ server {
+ listen 80;
+ server_name ~^(?.+)\.dev\.mrcynic\.site$;
+
+ location / {
+ proxy_pass http://internal_ingress;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+ }
+}
\ No newline at end of file
diff --git a/internal/proxy/proxy.yaml b/internal/proxy/proxy.yaml
new file mode 100644
index 0000000..4107160
--- /dev/null
+++ b/internal/proxy/proxy.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: internal-proxy
+ annotations:
+ argocd.argoproj.io/sync-wave: "100"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: internal-proxy
+ template:
+ metadata:
+ labels:
+ app: internal-proxy
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:stable-alpine
+ volumeMounts:
+ - name: config
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ ports:
+ - containerPort: 80
+ volumes:
+ - name: config
+ configMap:
+ name: internal-proxy-config
diff --git a/internal/proxy/service.yaml b/internal/proxy/service.yaml
new file mode 100644
index 0000000..ae4b6f0
--- /dev/null
+++ b/internal/proxy/service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: internal-proxy-service
+spec:
+ type: LoadBalancer
+ selector:
+ app: internal-proxy
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ nodePort: 30080
diff --git a/internal/service.yaml b/internal/service.yaml
new file mode 100644
index 0000000..466fcf7
--- /dev/null
+++ b/internal/service.yaml
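Review bot: The comment `# dev.mrcynic.site - allow only LAN` is not backed by any access rule in this file: the server block proxies every request to `internal_ingress`, and internal/proxy/service.yaml publishes the pod through a `LoadBalancer`. If the restriction is enforced elsewhere (internal-policy.yaml, firewalling), say so in the comment; otherwise add `allow <LAN_CIDR_PLACEHOLDER>;` and `deny all;` to the `location /` block. `$remote_addr` is only the real client when source addresses are preserved to the pod, which typically needs `externalTrafficPolicy: Local` on the Service. The `server_name` pattern `(?.+)` is not a valid group as shown; it may have lost a named capture in rendering, so check it against the file.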
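Review bot: `image: nginx:stable-alpine` in internal/proxy/proxy.yaml is a floating tag, and the container declares no `securityContext` or `resources`, so the proxy can change underneath the manifest on any reschedule and runs with the image's default privileges. Pin the image by digest (`image: nginx:stable-alpine@sha256:<DIGEST_PLACEHOLDER>`) and add at least `allowPrivilegeEscalation: false` under a container-level `securityContext`. The same applies to external/proxy/proxy.yaml if its container spec, which is outside that hunk, matches this one.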
@@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: nginx-external +spec: + type: LoadBalancer + selector: + app.kubernetes.io/name: nginx-external + ports: + - name: http + port: 80 + targetPort: 80 + - name: https + port: 443 + targetPort: 443 diff --git a/kustomization.yaml b/kustomization.yaml index 9886d5d..d29d870 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -5,15 +5,8 @@ namespace: ingress-nginx resources: - namespace.yaml - - services.yaml - - proxy.yaml - - policies - - controllers - -configMapGenerator: - - name: proxy-config - files: - - config/nginx.conf + - internal + - external generatorOptions: annotations: diff --git a/services.yaml b/services.yaml deleted file mode 100644 index 5229d8b..0000000 --- a/services.yaml +++ /dev/null @@ -1,46 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: nginx-external -spec: - type: LoadBalancer - selector: - app.kubernetes.io/name: nginx-external - ports: - - name: http - port: 80 - targetPort: 80 - - name: https - port: 443 - targetPort: 443 ---- -apiVersion: v1 -kind: Service -metadata: - name: nginx-internal -spec: - type: LoadBalancer - selector: - app.kubernetes.io/name: nginx-internal - ports: - - name: http - port: 80 - targetPort: 80 - - name: https - port: 443 - targetPort: 443 ---- -apiVersion: v1 -kind: Service -metadata: - name: edge-proxy-service -spec: - type: LoadBalancer - selector: - app: edge-proxy - ports: - - name: http - port: 80 - targetPort: 80 - nodePort: 30080
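Review bot: `generatorOptions` stays in the root kustomization.yaml after its only `configMapGenerator` is removed, and as far as I know kustomize applies generator options only to generators declared in the same kustomization file. The annotations under it would therefore no longer reach `internal-proxy-config` or `external-proxy-config`, which are generated in the child directories. The block continues outside the hunk, so I cannot see which annotations are affected. If they matter, move `generatorOptions` into internal/proxy/kustomization.yaml and external/proxy/kustomization.yaml; otherwise delete it here.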